<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>XSS</title>
</head>

<body>
    <input type="text" value="<%= getParameter(" keyword ") %>">
    <button>搜索</button>
    <div>
        您搜索的关键词是：
        <%= getParameter("keyword") %>
    </div>
</body>

</html>